This report is meant to contain comprehensive information about the web application and should be reviewed by a team member. This scan is meant to be run periodically and is the longest of all the scans.

Generated on Mon, 29 Jan 2024 16:03:43

ZAP Version: 2.14.0

Summary of Alerts

Risk Level Number of Alerts
High 2
Medium 5
Low 4

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active LOW HIGH
CRLF Injection Active LOW HIGH
Path Traversal Active LOW HIGH
Remote File Inclusion Active LOW HIGH
Parameter Tampering Active LOW HIGH
Server Side Include Active LOW HIGH
GET for POST Active LOW HIGH
Cross Site Scripting (Reflected) Active LOW HIGH
Cross Site Scripting (Persistent) Active LOW HIGH
Script Active Scan Rules Active LOW HIGH
Cross Site Scripting (Persistent) - Prime Active LOW HIGH
Cross Site Scripting (Persistent) - Spider Active LOW HIGH
SQL Injection - MySQL Active LOW HIGH
SQL Injection - Hypersonic SQL Active LOW HIGH
SQL Injection - Oracle Active LOW HIGH
SQL Injection - PostgreSQL Active LOW HIGH
SQL Injection - SQLite Active LOW HIGH
Cross Site Scripting (DOM Based) Active LOW HIGH
SQL Injection - MsSQL Active LOW HIGH
Trace.axd Information Leak Active LOW HIGH
XSLT Injection Active LOW HIGH
.htaccess Information Leak Active LOW HIGH
.env Information Leak Active LOW HIGH
Server Side Code Injection Active LOW HIGH
Hidden File Finder Active LOW HIGH
XPath Injection Active LOW HIGH
Remote OS Command Injection Active LOW HIGH
XML External Entity Attack Active LOW HIGH
Generic Padding Oracle Active LOW HIGH
Spring Actuator Information Leak Active LOW HIGH
SOAP Action Spoofing Active LOW HIGH
Log4Shell Active LOW HIGH
SOAP XML Injection Active LOW HIGH
Spring4Shell Active LOW HIGH
Heartbleed OpenSSL Vulnerability Active LOW HIGH
Buffer Overflow Active LOW HIGH
Source Code Disclosure - CVE-2012-1823 Active LOW HIGH
Format String Error Active LOW HIGH
Server Side Template Injection Active LOW HIGH
Remote Code Execution - CVE-2012-1823 Active LOW HIGH
External Redirect Active LOW HIGH
Server Side Template Injection (Blind) Active LOW HIGH
User Agent Fuzzer Active LOW HIGH
Source Code Disclosure - /WEB-INF folder Active LOW HIGH
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
Strict-Transport-Security Header Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

http://cdnjs.cloudflare.com

HTTP Response Code Number of Responses

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

http://npm:3000

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values
cookieconsent_status Cookie - 250 1
language Cookie - 681 1
welcomebanner_status Cookie - 279 1
EIO URL - 120 1
name URL - 48 1
q URL - 24 1
sid URL - 96 24
t URL - 96 96
transport URL - 120 2
Accept-Ranges Header - 485 1
Access-Control-Allow-Origin Header - 783 1
Cache-Control Header - 485 1
Connection Header - 903 2
Content-Length Header - 445 36
Content-Type Header - 445 12
Date Header - 879 40
ETag Header - 782 31
Feature-Policy Header - 783 1
Keep-Alive Header - 879 1
Last-Modified Header - 485 4
Sec-WebSocket-Accept Header - 24 24
Upgrade Header - 24 1
Vary Header - 236 1
X-Content-Type-Options Header - 783 1
X-Frame-Options Header - 783 1
X-Recruiting Header - 783 1

http://NPM:3000

HTTP Response Code Number of Responses
200 OK 329
400 Bad Request 2

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values
Accept-Ranges Header - 6 1
Access-Control-Allow-Origin Header - 7 1
Cache-Control Header - 6 1
Connection Header - 7 1
Content-Length Header - 7 2
Content-Type Header - 7 2
Date Header - 7 1
ETag Header - 7 2
Feature-Policy Header - 7 1
Keep-Alive Header - 7 1
Last-Modified Header - 6 1
Vary Header - 7 1
X-Content-Type-Options Header - 7 1
X-Frame-Options Header - 7 1
X-Recruiting Header - 7 1

Alert Detail

High
Cloud Metadata Potentially Exposed
Description
The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure.

All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.
URL http://NPM:3000/latest/meta-data/
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 130 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/latest/meta-data/?EIO=4&transport=polling&t=OrLx0OM&sid=6q4DrHOK8j17hqptAAAt
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 449 bytes.
Request Body - size: 2 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 2
Solution
Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
Reference https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id
WASC Id
Plugin Id 90034
High
SQL Injection - SQLite
Description
SQL injection may be possible.
URL http://npm:3000/rest/products/search?q=%27%28
Method GET
Parameter q
Attack '(
Evidence SQLITE_ERROR
Request Header - size: 289 bytes.
Request Body - size: 0 bytes.
Response Header - size: 362 bytes.
Response Body - size: 309 bytes.
URL http://npm:3000/api/Challenges/?name=Score%20Board
Method GET
Parameter name
Attack case randomblob(1000000000) when not null then 1 else 1 end
Evidence The query time is controllable using parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [649] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [649] milliseconds, when the original unmodified query with value [Score Board] took [493] milliseconds.
Request Header - size: 345 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter q
Attack ' | case randomblob(1000000) when not null then "" else "" end | '
Evidence The query time is controllable using parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [539] milliseconds, parameter value [' | case randomblob(1000000) when not null then "" else "" end | '], which caused the request to take [539] milliseconds, when the original unmodified query with value [] took [250] milliseconds.
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
Instances 3
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Tags OWASP_2021_A03
WSTG-v42-INPV-05
OWASP_2017_A01
CWE Id 89
WASC Id 19
Plugin Id 40018
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://NPM:3000
Method GET
Parameter
Attack
Evidence
Request Header - size: 105 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter
Attack
Evidence
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter
Attack
Evidence
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter
Attack
Evidence
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 109 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,062 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6A&sid=0MP_vNZikbW3zHoLAAAA
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt28&sid=UoKXJ_6XT6XNx5aoAAAC
Method POST
Parameter
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8r&sid=A8RvNqU7b_0V7zN3AAAE
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8t&sid=QDA2ftkJS6qPlsD7AAAG
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCi&sid=56QbZR6DBW5xyl8ZAAAI
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxEx&sid=gtj3LP0dVW0EBut-AAAK
Method POST
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxzZ&sid=C1F_EdQzCNJXfH1dAAAM
Method POST
Parameter
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwy5H&sid=HUDrpu7FejAYX2EcAAAN
Method POST
Parameter
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 21
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Cross-Domain Misconfiguration
Description
Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
URL http://NPM:3000
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 134 bytes.
Request Body - size: 0 bytes.
Response Header - size: 456 bytes.
Response Body - size: 15,086 bytes.
URL http://npm:3000/ftp
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 109 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,062 bytes.
URL http://npm:3000/main.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 113 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://npm:3000/polyfills.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 481 bytes.
Response Body - size: 54,478 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 349 bytes.
Request Body - size: 0 bytes.
Response Header - size: 306 bytes.
Response Body - size: 0 bytes.
URL http://NPM:3000/robots.txt
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 378 bytes.
Response Body - size: 28 bytes.
URL http://npm:3000/runtime.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 479 bytes.
Response Body - size: 3,210 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/styles.css
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 469 bytes.
Response Body - size: 609,583 bytes.
URL http://npm:3000/vendor.js
Method GET
Parameter
Attack
Evidence Access-Control-Allow-Origin: *
Request Header - size: 115 bytes.
Request Body - size: 0 bytes.
Response Header - size: 485 bytes.
Response Body - size: 1,376,624 bytes.
Instances 21
Solution
Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).

Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
Reference https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
Tags OWASP_2021_A01
OWASP_2017_A05
CWE Id 264
WASC Id 14
Plugin Id 10098
Medium
ELMAH Information Leak
Description
The Error Logging Modules and Handlers (ELMAH [elmah.axd]) HTTP Module was found to be available. This module can leak a significant amount of valuable information.
URL http://NPM:3000/elmah.axd
Method GET
Parameter
Attack
Evidence HTTP/1.1 200 OK
Request Header - size: 115 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 1
Solution
Consider whether or not ELMAH is actually required in production, if it isn't then disable it. If it is then ensure access to it requires authentication and authorization. See also: https://elmah.github.io/a/securing-error-log-pages/
Reference https://www.troyhunt.com/aspnet-session-hijacking-with-google/
https://www.nuget.org/packages/elmah
https://elmah.github.io/
Tags OWASP_2021_A05
WSTG-v42-CONF-05
OWASP_2017_A06
CWE Id 94
WASC Id 14
Plugin Id 40028
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw-BB&sid=iBzAJrbuZSu2q_DpAAAa
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw-Ig&sid=dkL8IdZ4smSrpLGbAAAc
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw-km&sid=-T0sPd_8BSErNgG3AAAg
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw-Lx&sid=-CfdV47iJKHx3D96AAAb
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw-ov&sid=Au2DQ8NSOwsXkgWPAAAh
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw_22&sid=Z_xVAsGbeLwSuKKeAAAk
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw_k7&sid=TbKmKQnYxokfV00BAAAp
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw_Kf&sid=xFghdLLk0CXib92gAAAm
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLw_VG&sid=13fFAo3XdMpN2RPVAAAn
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 465 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6A&sid=0MP_vNZikbW3zHoLAAAA
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt28&sid=UoKXJ_6XT6XNx5aoAAAC
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8r&sid=A8RvNqU7b_0V7zN3AAAE
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8t&sid=QDA2ftkJS6qPlsD7AAAG
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCi&sid=56QbZR6DBW5xyl8ZAAAI
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxEx&sid=gtj3LP0dVW0EBut-AAAK
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxzZ&sid=C1F_EdQzCNJXfH1dAAAM
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwy5H&sid=HUDrpu7FejAYX2EcAAAN
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwyac&sid=OB81Qe3H99N0_UxcAAAR
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwyUU&sid=_x1lxk8VTyVe6OSaAAAQ
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwz-I&sid=lsm62Ue8eLTHaGjXAAAY
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwz29&sid=AlVuxOH6nQnAgoADAAAU
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwz8A&sid=rfGcsMIax-Q-dNJPAAAV
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLx0NI&sid=I4Gqs1Yxl4pqSBwhAAAs
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLx0OM&sid=6q4DrHOK8j17hqptAAAt
Method POST
Parameter x-frame-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 24
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
Tags OWASP_2021_A05
WSTG-v42-CLNT-09
OWASP_2017_A06
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Session ID in URL Rewrite
Description
URL rewrite is used to track user session ID. The session ID may be disclosed via cross-site referer header. In addition, the session ID might be stored in browser history or server logs.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6D&sid=0MP_vNZikbW3zHoLAAAA
Method GET
Parameter sid
Attack
Evidence 0MP_vNZikbW3zHoLAAAA
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwsAL&sid=0MP_vNZikbW3zHoLAAAA
Method GET
Parameter sid
Attack
Evidence 0MP_vNZikbW3zHoLAAAA
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt2D&sid=UoKXJ_6XT6XNx5aoAAAC
Method GET
Parameter sid
Attack
Evidence UoKXJ_6XT6XNx5aoAAAC
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt4T&sid=UoKXJ_6XT6XNx5aoAAAC
Method GET
Parameter sid
Attack
Evidence UoKXJ_6XT6XNx5aoAAAC
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8w&sid=A8RvNqU7b_0V7zN3AAAE
Method GET
Parameter sid
Attack
Evidence A8RvNqU7b_0V7zN3AAAE
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwuBp&sid=A8RvNqU7b_0V7zN3AAAE
Method GET
Parameter sid
Attack
Evidence A8RvNqU7b_0V7zN3AAAE
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8v&sid=QDA2ftkJS6qPlsD7AAAG
Method GET
Parameter sid
Attack
Evidence QDA2ftkJS6qPlsD7AAAG
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwvD1&sid=QDA2ftkJS6qPlsD7AAAG
Method GET
Parameter sid
Attack
Evidence QDA2ftkJS6qPlsD7AAAG
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCn&sid=56QbZR6DBW5xyl8ZAAAI
Method GET
Parameter sid
Attack
Evidence 56QbZR6DBW5xyl8ZAAAI
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwHQ&sid=56QbZR6DBW5xyl8ZAAAI
Method GET
Parameter sid
Attack
Evidence 56QbZR6DBW5xyl8ZAAAI
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxE_&sid=gtj3LP0dVW0EBut-AAAK
Method GET
Parameter sid
Attack
Evidence gtj3LP0dVW0EBut-AAAK
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxJA&sid=gtj3LP0dVW0EBut-AAAK
Method GET
Parameter sid
Attack
Evidence gtj3LP0dVW0EBut-AAAK
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxzc&sid=C1F_EdQzCNJXfH1dAAAM
Method GET
Parameter sid
Attack
Evidence C1F_EdQzCNJXfH1dAAAM
Request Header - size: 350 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=0MP_vNZikbW3zHoLAAAA
Method GET
Parameter sid
Attack
Evidence 0MP_vNZikbW3zHoLAAAA
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=56QbZR6DBW5xyl8ZAAAI
Method GET
Parameter sid
Attack
Evidence 56QbZR6DBW5xyl8ZAAAI
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=A8RvNqU7b_0V7zN3AAAE
Method GET
Parameter sid
Attack
Evidence A8RvNqU7b_0V7zN3AAAE
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=C1F_EdQzCNJXfH1dAAAM
Method GET
Parameter sid
Attack
Evidence C1F_EdQzCNJXfH1dAAAM
Request Header - size: 484 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=gtj3LP0dVW0EBut-AAAK
Method GET
Parameter sid
Attack
Evidence gtj3LP0dVW0EBut-AAAK
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=HUDrpu7FejAYX2EcAAAN
Method GET
Parameter sid
Attack
Evidence HUDrpu7FejAYX2EcAAAN
Request Header - size: 484 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=QDA2ftkJS6qPlsD7AAAG
Method GET
Parameter sid
Attack
Evidence QDA2ftkJS6qPlsD7AAAG
Request Header - size: 433 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=websocket&sid=UoKXJ_6XT6XNx5aoAAAC
Method GET
Parameter sid
Attack
Evidence UoKXJ_6XT6XNx5aoAAAC
Request Header - size: 454 bytes.
Request Body - size: 0 bytes.
Response Header - size: 129 bytes.
Response Body - size: 0 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6A&sid=0MP_vNZikbW3zHoLAAAA
Method POST
Parameter sid
Attack
Evidence 0MP_vNZikbW3zHoLAAAA
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt28&sid=UoKXJ_6XT6XNx5aoAAAC
Method POST
Parameter sid
Attack
Evidence UoKXJ_6XT6XNx5aoAAAC
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8r&sid=A8RvNqU7b_0V7zN3AAAE
Method POST
Parameter sid
Attack
Evidence A8RvNqU7b_0V7zN3AAAE
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8t&sid=QDA2ftkJS6qPlsD7AAAG
Method POST
Parameter sid
Attack
Evidence QDA2ftkJS6qPlsD7AAAG
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCi&sid=56QbZR6DBW5xyl8ZAAAI
Method POST
Parameter sid
Attack
Evidence 56QbZR6DBW5xyl8ZAAAI
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxEx&sid=gtj3LP0dVW0EBut-AAAK
Method POST
Parameter sid
Attack
Evidence gtj3LP0dVW0EBut-AAAK
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxzZ&sid=C1F_EdQzCNJXfH1dAAAM
Method POST
Parameter sid
Attack
Evidence C1F_EdQzCNJXfH1dAAAM
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 28
Solution
Carry the session ID in a cookie with the Secure, HttpOnly and SameSite attributes instead of in the URL, and do not accept a session ID from a query parameter at all. For the instances above, note that socket.io's Engine.IO transport puts its connection id in the sid query parameter by design; confirm that this id is not also accepted as an application authentication token, and keep it out of logs and Referer leakage (for example with a Referrer-Policy of strict-origin-when-cross-origin or stricter).
Reference http://seclists.org/lists/webappsec/2002/Oct-Dec/0111.html
Tags OWASP_2021_A01
WSTG-v42-SESS-04
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 3
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain. Both scripts below are referenced with protocol-relative URLs (//cdnjs.cloudflare.com/...), so on an http:// page they are fetched over cleartext HTTP, and neither tag carries a Subresource Integrity hash, so whatever the CDN (or anyone able to alter the response in transit) serves runs with full access to the page.
URL http://NPM:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 105 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 216 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 315 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/assets/public/favicon_js.ico
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 139 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.git/index
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/main.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/polyfills.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 123 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/runtime.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/styles.css
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 121 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://npm:3000/.git/vendor.js
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 120 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/entries
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 118 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/.svn/wc.db
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 116 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
URL http://NPM:3000/sitemap.xml
Method GET
Parameter //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
Attack
Evidence <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
Request Header - size: 117 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 1,987 bytes.
Instances 24
Solution
Ensure JavaScript source files are loaded only from trusted sources that end users of the application cannot control. Pin each third-party script with a Subresource Integrity hash and crossorigin="anonymous", reference it with an explicit https:// URL, and restrict script origins with a Content-Security-Policy script-src directive, or self-host the libraries. jQuery 2.2.4 is a 2016 release that is no longer maintained; review the pinned versions as part of the same fix.
Reference
Tags OWASP_2021_A08
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Private IP Disclosure
Description
A private IP address (RFC 1918: 10.x.x.x, 172.16.x.x to 172.31.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 192.168.99.100:3000
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
Instances 1
Solution
Remove the private IP address from the HTTP response body. Here it appears in the configuration returned by /rest/admin/application-configuration, so check whether that endpoint needs to expose a server address at all and whether it should require an administrator session. If a comment must mention internal addresses, use a server-side template comment (JSP/ASP/PHP) rather than an HTML or JavaScript comment, which reaches the browser.
Reference https://tools.ietf.org/html/rfc1918
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 2
Low
Timestamp Disclosure - Unix
Description
A Unix timestamp (seconds since 1970-01-01 UTC) was disclosed by the application or web server. The rule matches numbers that decode to a plausible date, so some instances may be ordinary numeric constants rather than clock values; decode each one before deciding.
URL http://npm:3000/main.js
Method GET
Parameter
Attack
Evidence 1734944650
Request Header - size: 113 bytes.
Request Body - size: 0 bytes.
Response Header - size: 483 bytes.
Response Body - size: 399,748 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://npm:3000/rest/admin/application-configuration
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 296 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 18,843 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1969196030
Request Header - size: 283 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,880 bytes.
URL http://npm:3000/rest/products/search?q=
Method GET
Parameter
Attack
Evidence 1970691216
Request Header - size: 283 bytes.
Request Body - size: 0 bytes.
Response Header - size: 389 bytes.
Response Body - size: 12,880 bytes.
Instances 5
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
Tags OWASP_2021_A01
OWASP_2017_A03
CWE Id 200
WASC Id 13
Plugin Id 10096
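Triage helpers for the "Private IP Disclosure" finding above and the "Timestamp Disclosure - Unix" instances just listed, as an added example (not code from the ZAP report or from the scanned application). The sample body is a constructed JSON fragment carrying the three evidence values and the address from the report, not the real application-configuration response; the report's generation time is treated as UTC (an assumption) and used as the reference clock so the classification is reproducible.

```javascript
// Added example (not part of the ZAP report or of the scanned application).
// Finds RFC 1918 addresses and plausible Unix timestamps in a response body and
// decodes the timestamps, so a reviewer can quickly tell a live clock value
// (build time, token expiry) from a 10-digit constant that merely looks like one.

// RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. The 172 block is
// only 172.16 to 172.31, not all of 172.x.x.x. An optional :port is kept.
const PRIVATE_IP_RE =
  /\b(?:10(?:\.\d{1,3}){3}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}|192\.168(?:\.\d{1,3}){2})(?::\d{1,5})?\b/g;

function findPrivateIps(body) {
  return [...body.matchAll(PRIVATE_IP_RE)].map((m) => m[0]);
}

// Candidate Unix timestamps: standalone 10-digit integers (not part of a
// longer number or a dotted value). Each is decoded and classified relative
// to a reference time: values within one year of "now" are the ones most
// likely to be real clock data worth investigating.
const TIMESTAMP_RE = /(?<![\d.])(\d{10})(?![\d.])/g;
const ONE_YEAR_S = 365 * 86400;

function findUnixTimestamps(body, nowSeconds) {
  const out = [];
  for (const m of body.matchAll(TIMESTAMP_RE)) {
    const value = Number(m[1]);
    out.push({
      value,
      iso: new Date(value * 1000).toISOString(),
      likelyClock: Math.abs(value - nowSeconds) <= ONE_YEAR_S,
      deltaYears: Number(((value - nowSeconds) / ONE_YEAR_S).toFixed(2)),
    });
  }
  return out;
}

// Constructed sample body carrying the evidence values from the report.
const SAMPLE_BODY = JSON.stringify({
  server: { baseUrl: 'http://192.168.99.100:3000' },
  expiry: { first: 1969196030, second: 1970691216 },
  build: { timestamp: 1734944650 },
});

// Report generation time (Mon, 29 Jan 2024 16:03:43, assumed UTC) as the
// reference clock; pass Math.floor(Date.now() / 1000) for a live run.
const REPORT_TIME_S = Math.floor(Date.parse('2024-01-29T16:03:43Z') / 1000);

function triage(body, nowSeconds = REPORT_TIME_S) {
  return {
    privateIps: findPrivateIps(body),
    timestamps: findUnixTimestamps(body, nowSeconds),
  };
}

module.exports = { findPrivateIps, findUnixTimestamps, triage, SAMPLE_BODY, REPORT_TIME_S };
```

Running `triage` over the sample decodes two of the evidence values to mid-2032 and one to late 2024, which is the kind of detail the "manually confirm" step in the solution needs: a value eight years out is far less likely to be a live clock than one within the year.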
Low
X-Content-Type-Options Header Missing
Description
The anti-MIME-sniffing header X-Content-Type-Options was not set to 'nosniff'. Without it a browser may MIME-sniff the response body and interpret it as a content type other than the declared one (for example, treat a text or JSON response as HTML or script). All current browsers honour 'nosniff'; it also makes them refuse to execute cross-origin scripts and stylesheets that are served with a wrong Content-Type.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwrz2
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6D&sid=0MP_vNZikbW3zHoLAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 53 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwsAL&sid=0MP_vNZikbW3zHoLAAAA
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwsvL
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 295 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt2D&sid=UoKXJ_6XT6XNx5aoAAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt4T&sid=UoKXJ_6XT6XNx5aoAAAC
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt_6
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8w&sid=A8RvNqU7b_0V7zN3AAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu_s
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwuBp&sid=A8RvNqU7b_0V7zN3AAAE
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8v&sid=QDA2ftkJS6qPlsD7AAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwvD1&sid=QDA2ftkJS6qPlsD7AAAG
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLww2z
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCn&sid=56QbZR6DBW5xyl8ZAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwHQ&sid=56QbZR6DBW5xyl8ZAAAI
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwx64
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 274 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxE_&sid=gtj3LP0dVW0EBut-AAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 32 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxJA&sid=gtj3LP0dVW0EBut-AAAK
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 320 bytes.
Request Body - size: 0 bytes.
Response Header - size: 163 bytes.
Response Body - size: 1 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxqk
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 325 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxyj
Method GET
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 325 bytes.
Request Body - size: 0 bytes.
Response Header - size: 164 bytes.
Response Body - size: 96 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLws6A&sid=0MP_vNZikbW3zHoLAAAA
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwt28&sid=UoKXJ_6XT6XNx5aoAAAC
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 405 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwu8r&sid=A8RvNqU7b_0V7zN3AAAE
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwv8t&sid=QDA2ftkJS6qPlsD7AAAG
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwwCi&sid=56QbZR6DBW5xyl8ZAAAI
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxEx&sid=gtj3LP0dVW0EBut-AAAK
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
URL http://npm:3000/socket.io/?EIO=4&transport=polling&t=OrLwxzZ&sid=C1F_EdQzCNJXfH1dAAAM
Method POST
Parameter x-content-type-options
Attack
Evidence
Request Header - size: 435 bytes.
Request Body - size: 2 bytes.
Response Header - size: 147 bytes.
Response Body - size: 2 bytes.
Instances 27
Solution
Ensure that the application/web server sets the Content-Type header correctly and sets X-Content-Type-Options to 'nosniff' on every response, including API and socket.io polling responses, not only on HTML pages.

The header has to come from the server; do not rely on end users running a browser that never performs MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10021